SUBMARINE-597. Support for SSH based git sync mode #391
Conversation
There was a problem hiding this comment.
hi, @manirajv06 There are 2 problems with this PR:
- We need to explain what this PR contains in the description of SUBMARINE-597 and PR.
- In the paragraph
What is this PR for?is not put a link to SUBMARINE-597, it should be the content of SUBMARINE-597.
|
@wangdatan @tangzhankun Can you please take a look? We will need to add the documentation to describe the steps to create secrets as prerequisite step. Please refer https://github.com/kubernetes/git-sync/blob/master/docs/ssh.md for more details. For example,
ssh-keyscan github.com > /tmp/known_hosts
kubectl --kubeconfig /Users/mani/.kube/kind-config-kind create secret generic git-creds --from-file=ssh=/Users/mani/.ssh/id_rsa --from-file=known_hosts=/tmp/known_hosts |
|
@liuxunorg Taken care |
manirajv06
force-pushed
the
SUBMARINE-597
branch
from
64eb1da
to
745d135
Compare
I helped you update the content of the PR. Please pay attention to my changes. |
|
@manirajv06 I have two question:
|
There was a problem hiding this comment.
Thanks @manirajv06 for the work. I left some questions inline.
...ava/org/apache/submarine/server/submitter/k8s/experiment/codelocalizer/GitCodeLocalizer.java
Outdated
Show resolved
Hide resolved
.../org/apache/submarine/server/submitter/k8s/experiment/codelocalizer/SSHGitCodeLocalizer.java
Outdated
Show resolved
Hide resolved
.../org/apache/submarine/server/submitter/k8s/experiment/codelocalizer/SSHGitCodeLocalizer.java
Outdated
Show resolved
Hide resolved
|
|
||
| List<V1VolumeMount> initContainerVolumeMounts = | ||
| podSpec.getInitContainers().get(0).getVolumeMounts(); |
There was a problem hiding this comment.
There are 2 init containers. 1. for git sync process and 2. for environment setup. 0th init container has been created for git code sync process. As part of git sync, it is required to get some properties of corresponding init container and set the same in pod spec level as well. Hence, this step.
Source code available at git hub repos can be pulled into /code destination directory in k8 container using ssh based access. Earlier, we had support for "http" based access and now for "ssh" based access.
I don't have screenshots. It pulls the code from git hub repos and place it in /code destination directory. |
Thanks. |
manirajv06
force-pushed
the
SUBMARINE-597
branch
from
70895eb
to
88d3f77
Compare
|
@manirajv06 I have a question:
Maybe you need to create a new jira to support this new feature. Can you raise this question at the next community meeting, can we discuss it together? |
xunliu
changed the title
Yes, this requires sharing private key info. Ideally, we will need to get this info through Web UI to create the secrets in K8s and use it while creating init containers. May be I can write a design doc and run it through with others. This requires co-ordination with folks working on UI. cc @tangzhankun @wangdatan For now, secrets can be created through k8 commands. |
What is this PR for?
Clone the source code from git repository using SSH based access. /code dir is the location to store the source code. SSH based access requires SSH host private key and known hosts to be passed through /etc/secret to K8 git sync init container process.
What type of PR is it?
Improvement
Todos
How should this be tested?
Screenshots (if appropriate)
Questions: